Only use issuer certificate if X509_STORE_CTX_get1_issuer() succeeded.

author David Woodhouse <David.Woodhouse@intel.com>

Sun, 31 May 2009 20:39:09 +0000 (21:39 +0100)

committer David Woodhouse <David.Woodhouse@intel.com>

Sun, 31 May 2009 20:39:09 +0000 (21:39 +0100)
author David Woodhouse <David.Woodhouse@intel.com>
Sun, 31 May 2009 20:39:09 +0000 (21:39 +0100)
committer David Woodhouse <David.Woodhouse@intel.com>
Sun, 31 May 2009 20:39:09 +0000 (21:39 +0100)
diff --git a/ssl.c b/ssl.c

index 360fb5b..eb90980 100644 (file)
--- a/ssl.c
+++ b/ssl.c
@@ -369,7 +369,7 @@ void workaround_openssl_certchain_bug(struct openconnect_info *vpninfo, SSL *ssl
         if (!X509_STORE_CTX_init(&ctx, store, NULL, NULL))
                 return;
  
-       while (X509_STORE_CTX_get1_issuer(&cert2, &ctx, cert) >= 0) {
+       while (X509_STORE_CTX_get1_issuer(&cert2, &ctx, cert) == 1) {
                 char buf[200];
                 if (cert2 == cert)
                         break;
author	David Woodhouse <David.Woodhouse@intel.com>
	Sun, 31 May 2009 20:39:09 +0000 (21:39 +0100)
committer	David Woodhouse <David.Woodhouse@intel.com>
	Sun, 31 May 2009 20:39:09 +0000 (21:39 +0100)